METHOD AND APPARATUS FOR RE-AUTHENTICATION OF A COMPUTING DEVICE USING CACHED STATE
    12.
    Invention application
    METHOD AND APPARATUS FOR RE-AUTHENTICATION OF A COMPUTING DEVICE USING CACHED STATE (status: under examination, published)

    Publication number: WO2007047440A3

    Publication date: 2009-04-23

    Application number: PCT/US2006040097

    Filing date: 2006-10-11

    Abstract: Automatically re-authenticating a computing device seeking access to a network or a resource. A method comprises forwarding a request received from the computing device to an authentication device to enable the authentication device to authenticate the computing device using a full-authentication mechanism. State information related to authenticating the computing device is created from authenticating the computing device. The state information is received and stored. For example, an authenticator device that forwarded the initial authentication request from the computing device to the authentication device receives and stores the state information. The computing device is re-authenticated using the stored state information without again contacting the authentication device.

    SYSTEM AND METHOD FOR ACHIEVING MACHINE AUTHENTICATION WITHOUT MAINTAINING ADDITIONAL CREDENTIALS
    13.
    Invention application
    SYSTEM AND METHOD FOR ACHIEVING MACHINE AUTHENTICATION WITHOUT MAINTAINING ADDITIONAL CREDENTIALS (status: under examination, published)

    Publication number: WO2006107542A2

    Publication date: 2006-10-12

    Application number: PCT/US2006009195

    Filing date: 2006-03-15

    Applicant: CISCO TECH INC

    Abstract: A Machine Authentication PAC (Protected Access Credential) serves as machine credentials to obtain network access without requiring server storage and management of the additional set of credentials. The first time authentication is performed, user authentication is executed. After the supplicant and server have mutually authenticated each other and satisfied other validations, the supplicant requests a Machine Authentication PAC from the server. The Server randomly generates a cryptographic key (Device Key) and sends it to the supplicant along with an encrypted ticket, comprising the Device Key and other information and encrypted with a key only known to the Server. The supplicant caches the Machine Authentication PAC in its non-volatile memory for future use. When the machine needs to access certain network services before a user is available, the supplicant uses the Machine Authentication PAC to gain authorization for the machine to limited access on the network, without requiring user input.

    ENABLING STATELESS SERVER-BASED PRE-SHARED SECRETS
    14.
    Invention application
    ENABLING STATELESS SERVER-BASED PRE-SHARED SECRETS (status: under examination, published)

    Publication number: WO2005067685A3

    Publication date: 2006-07-27

    Application number: PCT/US2005000812

    Filing date: 2005-01-10

    CPC classification number: H04L63/0435 H04L63/08 H04L67/14

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.

    SYSTEM AND METHOD FOR ACHIEVING MACHINE AUTHENTICATION WITHOUT MAINTAINING ADDITIONAL CREDENTIALS
    15.
    Invention publication
    SYSTEM AND METHOD FOR ACHIEVING MACHINE AUTHENTICATION WITHOUT MAINTAINING ADDITIONAL CREDENTIALS (status: under examination, published)

    Publication number: EP1869820A4

    Publication date: 2014-12-10

    Application number: EP06738276

    Filing date: 2006-03-15

    Applicant: CISCO TECH INC

    Abstract: A Machine Authentication PAC (Protected Access Credential) serves as machine credentials to obtain network access without requiring server storage and management of the additional set of credentials. The first time authentication is performed, user authentication is executed. After the supplicant and server have mutually authenticated each other and satisfied other validations, the supplicant requests a Machine Authentication PAC from the server. The Server randomly generates a cryptographic key (Device Key) and sends it to the supplicant along with an encrypted ticket, comprising the Device Key and other information and encrypted with a key only known to the Server. The supplicant caches the Machine Authentication PAC in its non-volatile memory for future use. When the machine needs to access certain network services before a user is available, the supplicant uses the Machine Authentication PAC to gain authorization for the machine to limited access on the network, without requiring user input.

    METHOD AND APPARATUS PROVIDING POLICY-BASED REVOCATION OF NETWORK SECURITY CREDENTIALS
    17.
    Invention publication
    METHOD AND APPARATUS PROVIDING POLICY-BASED REVOCATION OF NETWORK SECURITY CREDENTIALS (status: under examination, published)

    Publication number: EP1836798A4

    Publication date: 2013-08-07

    Application number: EP06717996

    Filing date: 2006-01-10

    Applicant: CISCO TECH INC

    Inventor: SALOWEY JOSEPH

    CPC classification number: H04L63/0823 H04L63/20 H04L2463/102

    Abstract: A method for policy-based revocation of network security credentials comprises receiving and storing one or more credential revocation rules, wherein each of the credential revocation rules specifies one or more first attributes and first values of the first attributes, associated with one or more credentials to be revoked; receiving and storing one or more network credentials, wherein each of the network credentials comprises one or more second attributes and second values of the second attributes; and when second values of one or more second attributes of a particular network credential among the one or more network credentials match first values of one or more first attributes of one of the credential revocation rules, determining that the particular network credential is invalid, and performing a responsive action.

    ENABLING STATELESS SERVER-BASED PRE-SHARED SECRETS
    18.
    Invention publication
    ENABLING STATELESS SERVER-BASED PRE-SHARED SECRETS (status: granted)

    Publication number: EP1706956A4

    Publication date: 2012-04-04

    Application number: EP05722407

    Filing date: 2005-01-10

    Applicant: CISCO TECH INC

    CPC classification number: H04L63/0435 H04L63/08 H04L67/14

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.

    METHOD AND APPARATUS FOR RE-AUTHENTICATION OF A COMPUTING DEVICE USING CACHED STATE
    19.
    Invention publication
    METHOD AND APPARATUS FOR RE-AUTHENTICATION OF A COMPUTING DEVICE USING CACHED STATE (status: granted)

    Publication number: EP1938506A4

    Publication date: 2009-08-05

    Application number: EP06825918

    Filing date: 2006-10-11

    Applicant: CISCO TECH INC

    Abstract: Automatically re-authenticating a computing device seeking access to a network or a resource. A method comprises forwarding a request received from the computing device to an authentication device to enable the authentication device to authenticate the computing device using a full-authentication mechanism. State information related to authenticating the computing device is created from authenticating the computing device. The state information is received and stored. For example, an authenticator device that forwarded the initial authentication request from the computing device to the authentication device receives and stores the state information. The computing device is re-authenticated using the stored state information without again contacting the authentication device.